[rsyslog-notify] Forum Thread: Re: Host information is missing while sending Oracle DB logs - (Mode 'reply')
noreply at adiscon.com
Thu Nov 19 17:38:08 CET 2015
User: antonb
Forumlink: http://kb.monitorware.com/viewtopic.php?p=26174#p26174
Message:
----------
what the HP-UX server is sending to rsyslog (according to the debug log you
quote above) is
<140>Nov 17 09:06:57 Oracle Audit[20904]: LENGTH: "222" SESSIONID:[6]
"785490" ENTRYID:[1] "1" USERID:[3] "CAP" ACTION:[3] "101" RETURNCODE:[1]
"0"
LOGOFF$PREAD:[1] "0" LOGOFF$LREAD:[3] "134" LOGOFF$LWRITE:[2] "16"
LOGOFF$DEAD:[1] "0" DBID:[10] "2834441098" SESSIONCPU:[1] "1"
this is a perfectly valid message with a hostname of 'Oracle' and a
programname of 'Audit'
if it's supposed to be a programname of 'Oracle Audit' with a missing
hostname, rsyslog has no way of detecting this.
what you could do is to detect if $hostname='Oracle' and if it is, log with
a different template that used %fromhost-ip% or %fromhost% instead of
%hostname% in the template.
Or you can look on the HP-UX box and see if you can fix its formatting
problem.
dlang
Following your advice I used an if-then statement to improve my template and
now rsyslog saves logs from the DB in the proper folders on the logserver. It's
really some progress thanks to you.
But LogAnalyzer, which I've been using, still cannot distinguish the hostname
of DB logs. I understand that DB logs are still coming without a hostname,
and it is supposed to be changed on the delivering system. Can you advise how to
make it right on HP-UX?
Grateful for any response :)
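
The template switch described in the quoted advice, written out as an added example in rsyslog's RainerScript syntax (not configuration from either poster). The file paths and template names are assumptions; the second template is the stock RSYSLOG_TraditionalFileFormat with %fromhost-ip% placed where %HOSTNAME% normally goes, so the stored line also names the sender.

```rsyslog
# Added example: paths and template names below are assumptions.

# File-name templates for dynaFile: normal senders are filed by the parsed
# hostname, the mis-parsed Oracle audit records by the sender's IP address.
template(name="PerHostFile" type="string"
         string="/var/log/remote/%hostname%/%programname%.log")
template(name="PerSenderFile" type="string"
         string="/var/log/remote/%fromhost-ip%/oracle-audit.log")

# Line format: same fields as RSYSLOG_TraditionalFileFormat, but with
# %fromhost-ip% in the hostname position instead of the bogus 'Oracle'.
template(name="SenderAsHostLine" type="string"
         string="%TIMESTAMP% %fromhost-ip% %syslogtag%%msg:::sp-if-no-1st-sp%%msg:::drop-last-lf%\n")

# The HP-UX audit records arrive without a hostname, so the parser takes
# 'Oracle' as the hostname and 'Audit' as the programname. Match on both
# so an unrelated host that really is named 'Oracle' is not caught.
if $hostname == 'Oracle' and $programname == 'Audit' then {
    action(type="omfile" dynaFile="PerSenderFile" template="SenderAsHostLine")
    stop
}

# Everything else keeps the hostname the sender supplied.
action(type="omfile" dynaFile="PerHostFile")
```

%fromhost-ip% is the address of the system rsyslog received the message from, so if the HP-UX box sends through a relay, the relay's address is what gets recorded.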